FBI to Investigate China-Based DDoS Attacks Against Change.org

As Change.org continues to battle politically motivated distributed denial-of-service attacks from China, the FBI's Cyber Squad begins its investigation into the 10-day-long attack.

Federal authorities are investigating the continuous
distributed denial-of-service attacks that have crippled Change.org for the
past week.

The Federal Bureau of Investigation's Cyber Squad will be
investigating the DDoS attacks that brought down the Change.org servers for
more than 12 hours on April 18, Change.org said on April 27. The grassroots petition
Website has been hit by off-and-on attacks over the past 10 days.

"Change.org is currently experiencing intermittent downtime
due to a denial of service attack from China on our Website," the company said
on its Website.

While the company did "not know the reason or the exact
source of these attacks," Ben Rattray, the founder of the site, blamed the
attacks on hackers based in China, in retaliation for Change.org hosting a
"Human Rights Petition" calling for the release of Ai Weiwei, a prominent
Chinese artist. An outspoken critic, Ai Weiwei was detained by the Chinese
authorities on April 3. More than 126,000 people have signed the petition as of
April 28.

"It's pretty clear the attack is in response to the
campaign," Rattray said.

An internal investigation traced the IP addresses related to
the April 18 attack to computers located in Beijing and Hebei using China
Unicom as the Internet service provider, according to Rattray. The number of
computers being used in the attack is also increasing.

Attackers launch DDoS attacks using hundreds or thousands of
hacked computers, often as part of a botnet, to send traffic to a Website,
overwhelming it with data so it becomes inaccessible to anyone.

Anyone can post an online petition on Change.org for free in
support of practically any cause and encourage other people to sign. The site
lists 12 categories of causes, including animal rights, health issues and
environment.

"We won't stop or take down anything because of this
DDoS attack," Rattray said. "We believe in the fundamental right of
the people to organize around issues they care about."

Companies generally rely on a geographically disparate
network and a big bandwidth pipe to withstand large DDoS attacks, Jason
Hoffman, co-founder and chief scientist at cloud provider Joyent, told eWEEK.
Many hosting services claim to have anti-DDoS capabilities, which usually means
being able to increase the amount of bandwidth they can handle to absorb the
attacks. The service provider or the upstream Internet service provider may
also just block IP addresses or certain types of packets to mitigate the attack,
according to Hoffman.

Change.org also contacted the U.S. State Department's Bureau
of East Asian Pacific Affairs for assistance "within hours of the attack,"
Rattray said. Change.org is currently blocked in China because of its
politically sensitive content.

Rep. Rosa DeLauro of Connecticut wrote a letter to Secretary
of State Hillary Rodham Clinton to denounce the attacks and urge Chinese
authorities to find and prosecute the hackers. House Minority Leader Rep. Nancy Pelosi
of San Francisco added her support. "I join @rosadelauro in denouncing attacks
from China on @change because of activism to free Ai Weiwei," Pelosi posted on
Twitter.

If the attackers are really from China, Change.org is in
good company. Blog publishing platform WordPress.com
also reported being hit with a DDoS attack originating from China last month.
The WordPress attack was not politically motivated, Automattic said at the
time.

The Chinese government has repeatedly denied being part of
any cyber-attacks, noting that attackers have targeted government servers in
the past. Dillon Beresford, a security researcher at NSS Labs, has recently
publicized numerous serious vulnerabilities in government-owned e-mail servers,
network issues and government databases
that would allow attackers to steal sensitive information and login credentials.
A recent report released by the Anti-Phishing
Working Group found that attackers were "aggressively" targeting
Chinese organizations.

It's possible that attackers are not based in China at all
and are just covering their tracks using compromised computers.